The Hacker News reports that a new, previously undocumented remote access trojan (RAT) written in Rust and codenamed LabubaRAT has been identified. This malware is designed to disguise itself as legitimate NVIDIA software, allowing it to blend seamlessly into target systems and establish a persistent foothold for attackers.LabubaRAT operates by impersonating NVIDIA's container runtime toolkit, using an executable named "nvidia-sysruntime.exe." Instead of hardcoding its command-and-control (C2) server details, it accepts this crucial information via command-line arguments, which can be configured at runtime. This flexibility allows attackers to reuse the same compiled binary across different campaigns and targets. The malware then stores this configuration in a local SQLite database and proceeds to profile the host. It identifies installed web browsers and security products, including major antivirus solutions like Microsoft Defender, CrowdStrike, and SentinelOne, as well as gathering system information such as hostname, RAM, CPU model, and User Account Control (UAC) status.Once deployed, LabubaRAT offers a comprehensive set of functionalities, including command execution, file transfer, screenshot capture, and SOCKS5 proxy support. It supports multiple communication methods like HTTPS, WebView2, and DNS tunneling, making it difficult to disrupt. Evidence suggests LabubaRAT may be offered as a malware-as-a-service (MaaS).Source: The Hacker News
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds



